|
|
BugTraq
New whitepaper "The Phishing Guide" Sep 22 2004 04:38PM Gunter Ollmann (NGS) (gunter ngssoftware com) (1 replies) Re: New whitepaper "The Phishing Guide" Sep 23 2004 02:57PM Aleksandar Milivojevic (amilivojevic pbl ca) (3 replies) Re[2]: New whitepaper "The Phishing Guide" Sep 26 2004 02:35PM Karsten Heidrich (karsten heidrich-da de) Re: New whitepaper "The Phishing Guide" Sep 24 2004 06:39PM Daniel Veditz (dveditz cruzio com) (3 replies) Re: New whitepaper "The Phishing Guide" Sep 27 2004 02:26PM Chip Andrews (chip sqlsecurity com) (1 replies) Re: New whitepaper "The Phishing Guide" Sep 23 2004 07:21PM Seth Arnold (sarnold immunix com) (2 replies) Re: New whitepaper "The Phishing Guide" Sep 27 2004 06:05PM Greg A. Woods (woods weird com) (1 replies) |
|
Privacy Statement |
> http://www.internetnews.com/dev-news/article.php/721571
>
> Even the best-known X.509 Certification Agency has made screwups
> regarding one of the best-known publicly traded corporations. How hard
> do you think it would be to get certificates for something that sounds
> plausibly like a bank? Credit card company?
I totally agree with what you (and others) wrote. Most of the current
registrars fall from the sky some time ago, telling us that they are
"trusted" entities (yeah right). Even without that incident you
mentioned, would you trust company whose bussiness practices include
hijacking of DNS name space (scandal with wildcard .com and .net
entries) or sending deceptive domain renewals via mail? Probably not.
My point was that currently corporations are not even attempting to use
the tools they have available. It is more important to them that
message is nicely HTML formated, than putting even basic security
precausins (such as signing with x509 certificate).
--
Aleksandar Milivojevic <amilivojevic (at) pbl (dot) ca [email concealed]> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
[ reply ]